Support canceling of work requests and workflows

User story

As a user, I started a workflow to upload-to-unstable but figured out that my update is broken, and I don't want to bring it to completion. Instead I want to abort the whole workflow.

Proposed design

• A workflow or work-request can be "aborted" when the work request is in PENDING / BLOCKED / RUNNING status.
• For a workflow, the abort operation applies recursively on all children work requests which are PENDING / BLOCKED / RUNNING status.
• The abort operation is authorized on a work request for owners of the workspace containing the work request, and for the user who started the work-request/workflow.
• The abort operation sets the status to ABORTED. (mark_aborted)
• The abort operation clears the work request's worker field.
• The abort operations logs who cancelled the work request (somehow).

Implementation plan

• Add a new API end-point (/work-request/<id>/abort/)
• Add a new debusine client command to abort a workflow (debusine workflow abort XXXX ?)
• Extend the Web UI to show an "Abort" button when applicable (when the user has the required permissions to abort the displayed workflow/work request)
  • It should in the same place where we put the "Retry" button already.
• Modify the Web UI of the "ExternalDebsign" work request to include a clear "Abort workflow" button next to the instructions to provide the signature and present it as what you have to do if you don't want to sign & upload
• Ensure we use select_for_update in assign_worker and abort to ensure there's no race condition where the task gets picked up by worker while it's being aborted.

(this description has been largely rewritten on April 25th to concentrate on the core abort operation, and additional feature requests have been moved to #823 and #824)